
System Tool 2011


This System Tool 2011 removal guide includes 2 System Tool 2011 Videos and a Manual Guide.

Jacob is the Creator of this guide and the person donating his time and efforts to create the videos for this guide as well as any updates. He is also helping to respond to comments for the System Tool 2011 guide. You can show your support by clicking the FaceBook Like button and by mentioning the RemoveVirus.org website to others. All purchases of software linked on this site also help support the RV website.

Updated: 3-6-2011: Latest instruction set added for newer traces.

Updated: 1-09-2011:  New Security Tool 2011 file paths.

Description: System Tool 2011, also known as System Tool, is a clone of Security Tool. This false security client is nothing more than a scam set up to steal people's money.

 

How Did I Get Infected with System Tool 2011?

Computers get infected with System Tool 2011 through what is known as a drive-by download, or when the user installs a program they thought was something else, such as a video update. A drive-by download happens when a malicious website, or a website that has been hacked, injects code into a web page; when a user visits the page, he or she is prompted to run or install a program. In some cases these programs may install automatically. Most paid clients out there, like Spyware Doctor with Antivirus, are able to block these types of infections. If your antivirus software did not block this install you should consider making a switch. It's obvious whatever you have is not protecting you.

What is System Tool 2011 Doing to My Computer Right Now?

The scan results found by this bogus security client are all fake. The warning messages shown are also fake. Normally System Tool 2011 hijacks the user's desktop on XP systems. It also blocks security clients from running and installing, as well as all other executables except firefox.exe, iexplore.exe and a few others.

You may get security messages about your system sending out spam or your private files being accessed. In most cases these are false warnings meant to scare you into purchasing this client.

Here are some examples of FALSE messages that System Tool 2011 puts out.

Warning!
Application cannot be executed. The file FILE NAME HERE is infected.
Please activate your antivirus software.

System Tool Warning
Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details.
Click here to activate protection.

System Tool Warning
Intercepting programs that may compromise your private and harm your system have been detected on your PC.
Click here to remove them immediately with System Tool.

For many people the user's desktop may also be hijacked. The image below shows this warning. It is all made up to scare and trick the user into making a purchase. The message is:

Warning!
Your're in Danger!
Your Computer is infected with Spyware!

Again the above message is meant to scare the user into making a purchase.

 

You need to remove System Tool 2011 as soon as you can. In many cases users have other hidden trojans installed on their computer as well. This is why it's so important to run a full virus scan even if you follow the manual removal guide below.

System Tool 2011 Removal Video

Remove System Tool

NEW XP Guide. Works the same as the above. Just different file paths. The above video shows more insight.

Remove System Tool 2011 XP

 

HELP US:  We took the time to make this video and help you.  Please rate us on http://www.mywot.com/en/scorecard/removevirus.org .  It will only take you a minute to register and add a comment.  We would also welcome any positive facebook or social bookmark comments.

Don't forget.  If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.

Remove Proxy Setting so You Can Connect to the Internet Again.

Proxy Settings
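
To check and clear a proxy left in the current user's Internet Explorer settings, the following PowerShell is an added example and is not taken from the original guide. It assumes the proxy was set in the per-user WinINET values (ProxyEnable, ProxyServer) and that PowerShell 2.0 or later is available; the function names and the backup file name are illustrative.

```powershell
# Added example, not part of the original guide.
# Assumption: the unwanted proxy lives in the current user's WinINET
# (Internet Explorer) settings, where the "Proxy server" checkbox is stored.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxySetting {
    # Values that do not exist come back as $null, meaning "not configured".
    $p = Get-ItemProperty -Path $inetKey
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable      # 1 = manual proxy on, 0 or empty = off
        ProxyServer   = $p.ProxyServer      # host:port the browser is sent through
        ProxyOverride = $p.ProxyOverride    # bypass list
        AutoConfigURL = $p.AutoConfigURL    # proxy auto-config script, if any
    }
}

function Disable-UserProxy {
    # Keep a record of what was configured before changing anything.
    $backup = Join-Path $env:TEMP 'proxy-settings-before.xml'   # illustrative file name
    Get-UserProxySetting | Export-Clixml -Path $backup
    # Switch the manual proxy off; ProxyServer is left in place as a record.
    Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
    Get-UserProxySetting
}

# 1. Inspect first. A ProxyServer you did not configure is the thing to look for.
Get-UserProxySetting | Format-List ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL

# 2. Only if the proxy is not yours, switch it off, then restart the browser:
# Disable-UserProxy | Format-List ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
```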

 

System Tool 2011 Manual Removal Procedures

The first step you must take in order to remove System Tool 2011 is to stop the following process. Watch the video for guidance.

  • [random].exe (for example, gAoGm02900.exe). Your file will be named differently.

To stop this process, browse to the file location shown below, rename the file, and then restart your computer. Then browse to that file location again and delete the file.

The next step in System Tool 2011 removal is to delete the following file:

Windows XP:

  • C:\Documents and Settings\All Users\Application Data\[random]\[random].exe
  • New Path: C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows Vista/7:

  • C:\ProgramData\[random characters]\[random characters].exe
  • New Path: C:\Users\USER NAME\AppData\Local

Once you have deleted the above executable, System Tool 2011 will no longer be running. At this time you need to run a full virus scan. RUN A SCAN. We recommend Spyware Doctor with Antivirus. You need to ensure no other viruses are on your computer.

If you find this threat too hard to remove yourself and need an expert we recommend www.pcninja.com . They charge far less than others and are great at what they do.

System Tool 2011 Registry Removal Procedures

Once you have deleted the above System Tool 2011 file trace you will also want to remove the infected registry item. This is not a requirement, as you already deleted the main executable:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

You should now run a full security scan to ensure no other threats are installed on your computer. We recommend you download a copy of Spyware Doctor with Antivirus.

System Tool 2011 Directories:

XP

  • C:\Documents and Settings\All Users\Application Data\[random]
  • New Path: C:\Documents and Settings\USER NAME\Local Settings\Application Data

Windows 7 / Windows Vista

  • C:\ProgramData\[random characters]\[random characters].exe
  • New Path: C:\Users\USER NAME\AppData\Local
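
The manual steps above (find the [random].exe, then the RunOnce value that starts it) can be checked with a read-only PowerShell script. This is an added example, not part of the original guide. It assumes PowerShell 2.0 or later; the name pattern is a heuristic built from the file names reported on this page (gAoGm02900.exe, flck06511), and checking the Run key alongside RunOnce is an added assumption.

```powershell
# Added example, not from the original guide. Read-only: it lists, it never deletes.
$recentDays = 14                          # assumption: how far back "recent" goes
$nameCore   = '[a-z]{3,8}\d{5}\.exe'      # heuristic: letters + 5 digits, as in gAoGm02900.exe

# Directories listed in the guide (XP and Vista/7). Ones that do not exist are skipped.
$candidateDirs = @(@(
    "$env:ALLUSERSPROFILE\Application Data",
    "$env:USERPROFILE\Local Settings\Application Data",
    "$env:ProgramData",
    "$env:LOCALAPPDATA"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) })

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',  # key named in the guide
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'       # assumption: checked as well
)

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            # Does the command line point into one of the guide's directories?
            $inGuideDir = $false
            foreach ($dir in $candidateDirs) {
                if ($command.IndexOf(($dir + '\'), [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $inGuideDir = $true
                }
            }
            New-Object PSObject -Property @{
                Key              = $key
                Name             = $name
                Command          = $command
                InGuideDir       = $inGuideDir
                RandomLookingExe = ($command -match ('\\' + $nameCore))
            }
        }
    }
}

function Get-CandidateExecutable {
    foreach ($dir in $candidateDirs) {
        # The guide places the file at <dir>\[random]\[random].exe, so look in the
        # directory itself and one level below it. -Force includes hidden items.
        $top = @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue)
        $all = $top
        foreach ($sub in ($top | Where-Object { $_.PSIsContainer })) {
            $all += @(Get-ChildItem -LiteralPath $sub.FullName -Force -ErrorAction SilentlyContinue)
        }
        $all | Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' }
    }
}

$cutoff = (Get-Date).AddDays(-$recentDays)

'Autostart values that point into the listed directories or at a random-looking .exe:'
Get-AutostartEntry |
    Where-Object { $_.InGuideDir -or $_.RandomLookingExe } |
    Select-Object Key, Name, Command, InGuideDir, RandomLookingExe |
    Format-List

'Executables in the listed directories, newest first:'
Get-CandidateExecutable |
    Select-Object FullName, CreationTime,
        @{ Name = 'RandomLookingName'; Expression = { $_.Name -match ('^' + $nameCore + '$') } },
        @{ Name = 'Recent';            Expression = { $_.CreationTime -gt $cutoff } } |
    Sort-Object CreationTime -Descending |
    Format-Table -AutoSize
```

A match is a lead to check by hand, not a verdict: legitimate programs also keep executables in these directories, so compare the creation time with when the pop-ups started before renaming or deleting anything.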

Conclusion

It is not recommended for inexperienced users to attempt to delete System Tool 2011 manually, as any mistake made during removal could result in your system getting damaged. Therefore, inexperienced users are advised to use a web-based repair service such as www.pcninja.com or legitimate antivirus software such as Spyware Doctor with Antivirus to completely and safely remove System Tool 2011.

  • technical admin

    It’s clear you need virus protection so you stop getting infected. The most likely cause is that you have a trojan downloader program on your computer that is simply installing other false clients. If you can run a virus scan I recommend you do that and see where the traces of this new threat are. We have already done several guides related to this Windows Scan program. You can always read one of the related guides. Just look at the images on the Home Page to see what threats are similar.

  • Anonymous

    When I renamed the file and restarted my computer, a new program, Windows Scan, popped up. What do I do about this?

  • Bern

    Thanks a million!!!!

    I did panic when I received the ‘WARNING’ message from System Tool 2011, especially when it suggested that my ‘Rapport’ software (which is part of my online banking logging-in process) was infected!!!!

    Thankfully, I did not open or subscribe to their site but, instead, texted a friend of mine for advice.

    Such advice not being forthcoming quickly enough, I found your site and, after viewing your video and users’ comments several times, proceeded accordingly and, surprisingly, managed to fix the problem myself (Well, I say myself but I mean without my friend’s intercession) or, rather, with your INVALUABLE guidelines and assistance!!!!

    I can’t thank or praise you enough!!! – and will DEFINITELY pass your details on to my family, friends and colleagues!!!!!

    Thank Heavens there are people like you out there who help, rather than hinder (like these swine who set up these false sites!!!!) we mere mortal computer users!!!

    Thanks again!!!!

    From a very relieved and grateful user/viewer/client???!!!!!

  • Jelly Bean

    Many, many thanks indeed.

    I killed off this nasty thing using your video as a guide. Just think, I nearly paid Dell about $60 to help me or I could have contacted Microsoft (er, no, on the previous two occasions, they were no help at all).

    BTW, the number on the end of my rogue file was 01803.

    May you have an excellent Christmas!

  • technical admin

    You do not need the icon to remove this. Just follow the guide above. If you have problems let us know what step you are stuck on

  • Stephen

    As mentioned in the video the virus no longer had the “2900” in the file name; mine was “flck06511”. I use XP and was able to locate the file by the icon that was shown on the desktop in the video. There was no icon on the desktop but I found a .exe file that had the same icon. Renamed then deleted as instructed in video.

  • technical admin

    Glad we could help

  • Scott Weasner

    i don’t have the icon on my computer and my antivirus is telling me i’m at risk. i ran a bunch of different programs, it apparently removed 4 things but it still doesn’t work.

  • Anonymous

    so i made the mistake of purchasing the damn thing! luckily was able to get it sorted out with my bank. any who,

    i followed the steps correctly and managed to delete the system tool, but a program called “good memory” that came along with the purchase keeps popping up and running a scan. then it turns my whole screen black. then usually proceeds to restarting. what should i do?

  • Anonymous

    Thank you so much. I thought I was going to have to either go to Geek Squad or have to reinstall my OS because it cost too much to get fixed. This was a fast, easy, and best of all free way to get rid of that virus.

  • technical admin

    Good Memory is a 100% separate product. It’s a clone of dozens of other clients. I suggest you read the http://www.removevirus.org/remove-my-disk guide. We included a video in that one as well. It’s a very easy thing to remove.

    Because you got infected twice it’s a very clear sign that you have poor virus protection. I recommend you get Spyware Doctor with Antivirus and never have to worry about these things again.

  • nancy

    These stupid people got me!!! I actually paid for that stupid spyware!!! Sucks!!! Will they continue to take money out of my account? What can I do?

  • technical admin

    Read the Great Articles and Advice section of the website for detailed answers.

  • Anonymous

    I removed the .exe files as instructed and then ran both Malwarebytes and McAfee scans. Both came up clean. The virus has come back twice within a 24 hour period, though, with different names each time! I know just what to do now, so it’s not freaking me out anymore, but I obviously don’t want to deal with this every few hours. What else should I do?

  • Anonymous

    i couldn’t delete that virus system tool 2011 because it says “The action cant be completed because the file is open in Registry Editor” “Close the file and try again”.. idk how to close the file in Registry Editor

  • technical admin

    Boot into safe mode with networking and download Spyware Doctor with Antivirus from this site. Run the full scan. It will show you the file paths and traces. Then browse to those file paths and delete them.

  • Anonymous

    Thank you so much for the information. My mom was stressing out and was close to making the bogus purchase. I’m just glad that I was persistent enough to find you in youtube and watched how to get rid of it.

  • Anonymous

    Well.. I am not able to open task manager. How can I exit the process?

  • Denise

    I was able to delete all the System Tool 2011 stuff, even renaming it “delet this b****” yet my McAfee antivirus is telling me I’m at risk. The Real-Time Scanning gets turned off seconds after I turned it on. I’m thinking there’s still some traces of the stupid thing on my computer, but I’m not sure. Advice?

  • technical admin

    Asked and already answered. Please take the time to read the manual guide above and watch the full video.

  • technical admin

    My guess is you are using the free version of McAfee and Malwarebytes. That is why you got infected twice. Free clients do NOT block viruses from installing. They only kick in after you get infected. There are a few clients that provide limited active protection but I never recommend them as you need a good antivirus client that has strong up front protection.

  • technical admin

    Boot into safe mode and delete the file there.

  • technical admin

    Thanks for posting a comment. I’m glad you were able to remove your threat with our help. Be sure to bookmark us and mention our website on social sites.

  • technical admin

    Watch the video. We show you several tricks

  • technical admin

    Nice detail. I love it when users jump in and help others out.

    Hint for others: 6) Click on AppData: (This is a hidden folder. If you cannot see it, just type “hidden” into the control panel search section and uncheck HIDE HIDDEN FILES AND FOLDERS.)

    The video we included also talks about this. Be sure to still run a full virus scan to ensure you have no other viruses or spyware on the computer.

  • technical admin

    Double check the folders shown in the guide. You may also need to re-install McAfee. Personally I have strong negative feelings about them. To each their own. I would run a full scan with both Malwarebytes and Spyware Doctor with Antivirus to ensure you have no other infections.

  • Anonymous

    i have read through everything and watched the video over and over. i cannot figure out how to get this off here. i dont have the icon on the desktop. i tried going into the programs data folder but there isnt anything in it and nothing is hidden. i went into program files and there isnt anything unusual in there either. i did get the task manager to come up when i restarted my computer but then im lost on what to do because once it loads far enough to where the system tool 2011 opens then the task manager closes so i am not allowed to do anything with it. i dont want to do a system restore because i dont want to lose anything on my computer. can you please give me some more details or explain more in detail?

  • LadyT

    The quickest way to remove system tool virus is to go into your files and delete the one that doesn’t belong. It’s kind of like a game…spot the folder that doesn’t belong mixed with where’s waldo!!! yayyyy fun. Here are three different methods to try.

    1)First of all before you start in ‘safe mode’ see if theres an icon labeled ‘system tools’ on your desktop.
    2)If so right click on it and select ‘go to file location’. It should take you straight to the ‘virus’ so you can delete it.
    3)In order to delete the file you may have to rename it first.
    4)Also make sure you delete the icon from your desktop.
    ______________________________________________________________________

    Start your comp in safe mode. To do this you restart & while the computer is booting up you tap the F8 key right before windows starts. A screen should come up where you can select ‘Safe Mode’. Once in safe mode…

    1)Go to your start menu.
    2)Then click on my computer.
    3)Double click local disk C
    4)Click users
    5)Go to your folder (whatever your login name is) click it.
    6)Click on AppData
    7)There should be 3 folders there (local, locallow & roaming) or whatever.
    8)Make sure you have your folders set up so that you can see the ‘date created’. How do you do this? Right click on the little space above your folders labeled (name, type, size, etc) right click here and make sure ‘date created’ has a check next to it.
    9)Okay if your folders are set up like that. Click thru them until u see a ‘suspect’ folder name, such as ‘ieh338rhafb’ or something crazy like that. If you click on that folder it should have a ‘system tool’ app inside. Delete the entire folder! & make sure you delete it from the recycle bin.
    10) If you’re having trouble locating the folder this is where your ‘date created’ heading comes in…you can actually look for all folders that were recently ‘created’, until you find the weird labeled suspect one ‘afljefjah’. If the ‘system tool’ popup started on 1/1/2010 @ around 2am as mine did, then I would look for folders created on 1/1/2010 @ around 2am.
    _____________________________________________________________________

    If it’s not found here my next suggestion would be to look more specifically in the temp folder for this ‘suspect’ folder. To get to your temp folder go to START and type in %temp% this should bring the folder up.

  • Anonymous

    I Deleted The Icon Ways Before I Saw The Video Now I Dont Know What To Do
    HELP HELP PLease HElp

  • Pierre

    Hello

    I got infected with this virus and I have tried to boot in safe mode on Windows XP and was not successful. Nothing seems to work since then. Can I download an antimalware from an external key to get rid of this?

    Thanks

  • technical admin

    Yes, you can download an antivirus client and the updates on a separate disc and upload it that way.

    However this threat can be removed following our guide. It works and it’s been tested. Watch the video if you have not done so yet. The main step is locating the location of the virus executable and either deleting it or re-naming it. After that the rest is easy.

  • MrsCats

    I first want to thank you for helping everyone. You are wonderful to perform this service!

    I cannot delete the exe because even signed in as administrator, when I click on the folder in program data, I get a message that says I don’t have permissions.

    I must have rebooted 5 times trying to make this thing go away….and all my anti virus tools were disabled. The 6th time I logged back in, all the pop ups were gone and I could now access task manager, but I am not allowed to enter, delete or modify that folder. I even renamed it.

    It’s almost as if the .exe file is no longer running……I don’t know why….but the folder is still there.

  • technical admin

    It’s not running because as you stated you re-named the file as instructed in the guide. The executable is not going to automatically execute after you change the name.

    Sounds like a permission issue is preventing you from deleting the file. You need to take ownership of the file. Then you should be able to delete it. I should point out that whatever antivirus software is installed on your computer should be able to delete this file as well.

  • MrsCats

    I did it, I did it! You were exactly right…I took ownership and then was able to delete the files and the folder.

    Again, thank you!

  • Anonymous

    Hi I was wondering what your opinion of avast! Antivirus is? It’s free and of course claims to be good. Many people like me can’t afford those expensive antivirus programs like norton. If you have antivirus does that protect you from malware and spyware too? Thanks for the help and sorry if you already answered this elsewhere

  • technical admin

    Glad you were able to delete the file after taking ownership. Just to confirm the current guide’s file paths. Was the System Tool 2011 folder in the guide correct? If it was changed what was the folder path for you?

  • technical admin

    Avast is better than nothing and one of the top FREE security clients on the market. However in my opinion it does not provide sufficient protection against viruses and spyware. No free antivirus client on the market will. Free clients are behind on current threats and do not provide enough upfront protection as the paid clients do.

    The “I can’t afford a security client” argument does not negate the fact that you need good protection and for that you will have to pay.

    The best free client on the market at this time in my opinion is going to be Microsoft Security Essentials. I still only recommend our paid clients because they offer better protection and customer support.

  • GoPwr

    Hello,

    I have watched the video and read the threads but I am unable to Rename or Delete the file (even in Safe Mode). When I go into the Permissions for the file, I am unable to change the Administrator rights (which are permanently set to Deny) access.

    I have never opened the file as I realized as soon as it was downloaded.

    Any help is much appreciated.

  • technical admin

    The process of taking ownership of a file is very well documented online. I would suggest you search for the information. If that does not work for you please post back in detail what you have already done to try to take ownership.

    In most cases you can take ownership from the folder and include all contents of that folder (inherit properties) My guess is that is your problem.

  • technical admin

    We can only help those who help themselves. What in the guide are you NOT able to do and what have you already done in the guide?

  • billal

    i restored it when i had the virus saying warning you have a virus pay upp
    soo i restored it
    i dont think it has gone
    please help!! :(

  • Anonymous

    help! i had fixed my laptop from system tool 2011 and now my brother’s computer has the same virus. i was glad to see that i remembered how to fix this. the only thing different about it was that his computer wont allow him to open control panel. what should i do now? if i cant see the hidden folders what now?

  • Ronda

    Thank you, thank you so much. I didn’t know what i was going to do. I knew I wasn’t going to enter my credit card info. Thankfully my friend found you on the internet for me. I could not get on at all, everything was locked up.
    She would watch the video and then tell me what you said. It worked, and I am grateful.

  • technical admin

    Thanks for the kind words. I’m glad you and your friend were able to put the guide to good use.

    Regards,

    Jacob

  • technical admin

    So the control panel is not opening at all? Never seen that before with this threat. Tells me you most likely have a secondary infection as well. Be sure to run a full virus scan. We recommend the SDA client as mentioned in the guide.

    With that said, you can access the hidden folders by just manually typing in the file path. For instance if you are on a Windows 7 based computer you could go to C:\ProgramData\. Just type in the path in Explorer (not Internet Explorer).

  • Anonymous

    I have watched your video and looked up so many ways to get rid of system tool 2011. My internet on my infected laptop will not let me download anything to automatically get rid of it. Sometimes it will even shut down. I only found one folder with the virus and was able to delete that after i renamed it. I set it up so i can view hidden folders. I can’t find any other unusually named folder like the one I deleted. (I deleted the shortcut too) I know my computer is still infected. I scanned it with spyware doctor and i still have low risk adware in my laptop. except around 46 of it :-/
    I am not computer savvy and it bothers me that I can’t seem to find the right files no matter how much I search. I know I can try this manually but I am just about to give up. I tried putting an anti-spyware program in the USB drive I have into my infected laptop, but my laptop will not read it at all. It’s really frustrating.

  • technical admin

    What is your operating System?
    Is the main executable for System Tool 2011 still running? If it is not running you should be able to download and run other security clients. If you are unable to and Security Tool 2011 is not running on your computer then that means you need to take a look at the proxy settings and remove them. That or just re-set IE.

    I would recommend you try to boot into safe mode with networking and download, install and update Spyware Doctor with Antivirus. From there you should be able to see ALL the left over traces if there are any and remove them manually.

  • Anonymous

    so i was infected with this system tool scam and before i discovered this website i was trying to figure it out on my own with no luck. a couple days or so ago i found your site and watched the video and felt confident i could get rid of it so i started my computer and was going to get er done except this time when i turned on my computer my antivirus picked it up and it seems like all the functions have returned to normal. i deleted it out of the virus chest and restarted my computer and it hasnt returned. i previously restarted my computer several times and one of the first things i did when i got this virus was did a boot time full system scan and it never got rid of it. any idea of why this might be different today and is the virus truly gone? thanks for the help and your excellent website.

  • technical admin

    any idea of why this might be different today and is the virus truly gone?

    I’m sorry but I don’t understand the question. My advice is to follow the guide and remove the traces shown in the guide. Once done install and do a full scan with Spyware Doctor with Antivirus to ensure you have no other threats installed.

    It sounds like you got re-infected with this threat. That should be a clear indication to you that whatever antivirus client you are using is not working. I recommend you upgrade. As stated we like the SDA client. You can check out http://www.antivirusreviews.com for some good ideas on what clients work.

  • john

    can’t find a file named application data???

  • Anonymous

    I don’t want to have to buy anything. Is this scan a free thing or will I have to buy it? Is there any scans I can use without money being involved?

  • technical admin

    What is your operating system? What have you already done to find the file path, so we can offer more suggestions and help? Without knowing the basics it’s hard to help. Be sure to read the FULL guide and watch the videos.

    Please also paste in the path on your computer that the guide shows this threat should be in. That way I know you have looked in the correct file path.

  • technical admin

    READ THE GUIDE. We show you EXACTLY what to do to remove this threat. We recommend everyone scan their computer with Spyware Doctor with Antivirus after they manually remove this threat, to ensure you have gotten everything. The scan will show you ALL file paths to any leftover threats so you can manually remove them. The free trial does NOT remove any viruses. However, it will protect your computer for 30 days and show you all the files that you need to delete to remove this virus.

    Our manual guide and videos work very well. One thing to think about is you got infected because you did not have proper protection. This threat has been out for over a year now. If you do not want to get infected with another virus down the road you will need to purchase real protection. Free clients while great and useful do not offer the needed protection a PC needs. In most cases the up front protection is very slim.

  • Anonymous

    Watched video. Here’s problems. Deleted desktop icon before watching your video so that’s not an option. Used task manager in safe mode and can’t find any weird exe file. Followed instructions on video through application data folder but can’t find any folder with any icon or strange name with exe. Went to regedit under current user and local machine to software and system tool is not there. Can you possibly help??? Thanks so much

  • technical admin

    Please copy the path we tell you to look at so I can verify you are looking in the correct folder. I will assume you are on a Windows 7 computer.

    In the search bar type System Tool and see if the icon shows for you. If it does you should be able to right click and hit properties to see the full location.

    You can also do what we did in the video and look under startup items through msconfig.

  • Anonymous56x

    I have Windows XP. I right clicked on the system tool 2011 icon, clicked on properties, and identified the full file path, which starts with Application Data. Beyond that, you’ve lost me with the instructions and I can’t get any further. I think in the video you’re using Windows 7 and I cannot follow along with that because the file trace procedures you are showing are different than what I’m seeing on XP. I’ve also read the manual removal instructions but it does not provide enough info to get me any further. Any detailed info you could provide related to a Windows XP specific removal would be greatly appreciated.

  • Anonymous

    System Tool 2011

    There’s no desktop icon, but the program engages immediately upon startup. I “unstalled” the software, but it still activates. Viewed the video, found the System Tool folder, but it’s empty. Any ideas?

  • technical admin

    While the file paths may be different you do the exact same steps.

    You have identified the folder that contains this threat. Now browse to that folder and re-name the executable and re-boot your computer. Once your computer starts back up you can now delete that file you renamed and run a full virus scan on your computer.

    Let me know if this answered your question. I’m not sure how else to explain it. Also paste in your file path so I can ensure we’re on the same page.

  • technical admin

    It’s obviously in a different location now.

    Hit the Windows start button. In the run box type: msconfig . Now under the startup menu you can go through the list and attempt to pick out the folder location of this threat. Then browse to that folder and re-name the file trace.

  • Anonymous56x

    Let me just say that before I rec’d your reply I did some additional things. I did a search of files and folders for the file path ID’d from the system tool icon (“application data\nPiNb05700\nPiNb05700.exe”), which showed that it was located in C:\documents and settings\visitor\start menu\programs\system tool. I did all the steps to get there and renamed the file, rebooted, then deleted the file. However, this still did not kill off the executable, so I’m not sure if I did it right. Since that didn’t work I did another search of files and folders of the file path and nothing came up, so I then searched for 050700, which came up as npinb05700 with a location of C:\windows\prefetch. I went to that location, confirmed that it was created on the same date and time when all this system tool stuff originally occurred, and I deleted that file also and rebooted. This also didn’t work in killing off the executable. I guess I don’t know if I did the file traces correctly by doing it via a search of files and folders. Also, I have 2 different user accounts on my computer and system tools only affects one of them. I don’t know if this could be of any help to me in trying to get rid of it.

  • QC

    Thanks for this,

    spent 10 mins watching the video and it answered all my Q’s and more importantly it fixed it for me!

    Thanks again!!

    QC

  • Anonymous56x

    Disregard my last comments. I finally figured it out. Thanks for the help!

  • Andrew

    I have successfully deleted the folder (thank you very much for your great video!). I am now trying to install Windows updates, but the updater is failing and giving me an error which suggests that it might be spyware that is preventing me from connecting to Windows update. Any suggestions? (running Windows 7). Thanks

  • technical admin

    Have you run a full virus scan yet as instructed by the guide? Run the scan to ensure you are no longer infected with any other viruses besides the one you already removed. Oftentimes people have several threats on their computer.

  • technical admin

    I did read you figured it out but let me state the solution for others.

    You need to rename the nPiNb05700.exe file as instructed in the guide. You would have needed to re-name it and re-boot your computer then delete the file, or delete it while in safe mode.

    The start menu will have nothing but a .lnk file in it that links to the above executable (nPiNb05700.exe). The prefetch folder holds data from previously opened programs and files. So while the nPiNb05700.exe file may be present there, in almost all cases it does not matter because this file is not the one that is being called on system boot to load the threat.

    My guess is you re-named nPiNb05700.exe and got your system to work again. Be sure to run a full virus scan to ensure there are no other viruses still installed on your computer. Reply back to let us know if we got it right.

  • Richard (England)

    It’s wonderful that companies and people like you are in the world to counter strike the criminals that cause so much misery to so many people.
    Your video and website has helped me a lot and I’m entirely grateful.
    Many thanks
    Rich UK

  • Travis

    Hello, I tried to follow the video help and was able to identify the file and find the path while in safe mode and delete it. However, after I reboot to get out of safe mode, my PC will not recover, I just have a blank screen with a flashing cursor on the top left corner of the screen. I was sure I deleted the virus files and not any essential programs, but I’ve tried pressing and holding the power button on/off to try and reboot but nothing. Any ideas?? Please?

    I am running Windows XP on an Asus Eee.

  • Jacob

    Your computer is booting to a USB device and not the hard drive. Simply unplug any usb devices and other peripherals besides the keyboard, mouse and video.

  • FriendfromThailand

    Thank you so much. Your clip posted on youtube did help me to remove that gross virus or whatever it is.
    I just want you to know that without you and others (like you), I who don’t obtain much knowledge about computers or any IT stuff, won’t be able to deal with those evil guys seeking ways to threaten me and other people like me.

    God bless u, my lifesaver.
    NINK

  • jeet singh

    thank you so much sir….. it is working….thanks again

  • Anon

    Thank you guys! This virus was so bad even my headphone output did not work! I could tell you that I almost cried when I logged in and the scary wallpaper no longer popped up…. Oh and one more thing. I downloaded Spyware Doctor with Antivirus, but I cannot open it, even as administrator. Any more help would be asking too much on my part, but greatly appreciated anyway.

    thx

  • Arroyo Toad

    This thing scared the bejesus out of me. I found your instructions on Youtube to remove it, and it worked pretty smoothly. Luckily I had Droidx and my big magnifying glass so I could follow your video while we uninfected my computer.

    Thanks again.

  • Anonymous

    Thank you so much! This worked perfectly!!!

  • Anonymous

    So I think this worked. I used the tool and located a file that I think is the match. There was an icon on the tool bar which I could not open. Also I found some icon with a blue circle with a yellow x that did not appear to belong. I hope this is it and I have not just screwed something up. The system tool is not popping up anymore. Here is the origin on that file. hNaIjBo06504 It does seem to be working though. Thanks

  • Jaz

    Thanks for the help here. I had this nasty Spyware freakshow ( System Tool 2011 ) on my XP system and it locked down my desktop completely. I had Malwarebytes-free version but it wouldn’t let me run it naturally. It also stopped Fire Fox from running on the net.

    I booted in Safe Mode, double clicked on Malwarebytes to do a quick scan and it found it at the end of the scan. The scan had stopped, then Malwarebytes said “Scanning Additional Items” and then immediately caught this Freakshow and quarantined it.

    Now, I’ve heard people say when these things are quarantined it’s better to leave it in quarantine in case it’s attached to a vital file. In your opinion should I leave the two infected files quarantined or delete them?

    Thanks!

  • Jacob

    Does not matter if you delete them now. Essentially the threat is taken care of either way. Normally I remove the threats right away. The reason for just leaving things in quarantine is for when you are not sure the file is really a threat.

    Remember that the free version of Malwarebytes offers no protection. I strongly recommend that if you like that software you upgrade to the paid version. Same goes for every other free client out there.

  • Jacob

    Without knowing what guide you followed and what steps you did, it’s hard to make suggestions. Also, not knowing what operating system you have makes it difficult to recommend a solution.

    As this is a virus removal site only, I suggest you ask your question on a computer repair forum. Your issue is well beyond a virus infection.

    If you have data you need on the system I would strongly recommend you call in a professional to repair your computer at this point.

  • Anonymous

    Got system tool 2011 on my machine today. It put itself in the strangest place. The executable contained 8200

  • JD

    I had System tool 2011….maybe a month ago I managed to remove it pretty easily thanks to your awesome video.

    Now I have ‘system tool’

    There’s no desktop shortcut to right click on, when I do a search for System tool nothing shows up.

    I have 3 odd directories in my program folder but none of them contain anything system tool like. So I’m not sure what to do.

  • Anonymous

    I’ve tried all of your methods. If I search for the system tool file nothing comes up, it won’t let me go to control panel and I have no desktop shortcut. What do I do now?????

  • Jacob

    Type out the file paths from your computer that you looked in. I bet you are not looking in the correct folder as shown in the guide. Also what is your OS? You mentioned all the methods. Can you tell me what methods those are so I can be sure you did not overlook one?

  • Jacob

    Can you run a virus scan? What is your antivirus client? I ask because if you’re getting re-infected over and over you don’t have good protection.

    Boot into safe mode with networking. Download and install the SDA client, run a full scan. It should show you the path to where this guy is at.

  • Anonymous

    Followed your instructions and it worked! I’m so grateful! Thanks!!!!

  • Chindi

    I knew this was a fake virus programme as soon as it popped up. Unfortunately it locked everything up. Would not let me get into Safe Mode, no Ctrl-Alt-Del task manager, nor msconfig. Your video clips pointed me to the right area where I was able to locate the .EXE file under a gibberish folder. The filename was also gibberish but ended in 08200 in my case. Thanks.

  • Carol

    THANK YOU!!! THANK YOU!!!! THANK YOU!!!

    Just a few things.

    1)The icon on my ProgramData folder was totally different from the annoying icon on my taskbar.

    2) I got a key for the program somewhere else and it made everything so much easier (I registered and then I could stop it from being a startup program and all the annoying messages and desktop changing stopped). I used this key (WNDS-S0DF5-GS5E0-FG14S-2DF8G)

    3) The file name was completely different : pLjEoFj08503

    Once again thank you so much.

  • SeanG

    Hi,
    I too am a victim of the system tool virus. I cleaned it off my computer following a guide I found online but did not do it while in safe mode (I apparently missed that part of the instruction). The last step in the removal was to reboot the computer. The computer rebooted but hung after POST and the screen went black and then nothing. I am unable to get it into safe mode. I was able to get into the bios and I changed the boot up order to allow me to boot up from my windows OS disc. That didn’t work either it recognized the CD Rom drive and attempted to boot, the disc spun up but the screen went blank and then black and the disc stopped spinning soon after. Has anyone else had this happen? I would appreciate any advice or suggestions?

    Thanks,

    SeanG

  • Chirs

    I got this virus and successfully removed it, thank you for that by the way. When I was done however I noticed that there were new programs installed in the Accessories section. The program is called Windows PowerShell and is a legitimate Windows program. After doing a quick search I found that this program has long been a way for hackers to attack your computer. I know it came along with the virus because the “last modified” date and time are exactly the same to the minute from when I got the virus. I think even though the virus was removed the program is still running scripts because whenever I try to go back and turn “real-time scanning” for the virus scan program I have back on, which the virus turned off, it automatically turns back off. I tried renaming either one of the two .exe’s in the file and it won’t let me. I booted in safe mode and tried the same as well as just deleting them and it won’t let me. Any advice?

  • Jacob

    1. Click on “Control Panel” in “Start menu”
    2. Go to “Uninstall a program” in “Control Panel”
    3. Click on “View installed updates” in “Programs and Features”
    4. Right click on Update which reads Powershell and uninstall it.

    You did not mention what antivirus client you have. If it’s a free client then you don’t have good enough protection. At the very least download a free trial of a paid client like Spyware Doctor with Antivirus and run a full scan to ensure you are not infected with anything else.

    It’s hard to say if you are still infected but I would run an antivirus scan with a client I trust and if it finds threats you can just manually remove them or register the client and have it remove them.

  • Jacob

    I would use the Windows disc to run an ntfschk and then do a repair using the disc. Sounds like some files in the OS are corrupt and not loading.

  • Scott

    Thank you for your guide. I got the system tool virus and knew from a previous past spyware issues that I would have to restart into safe mode in order to delete it and run the anti-spyware program. I could not get into any browser, task manager, or anything useful….all was disabled by system tool. I hit the reset button and then F8 to try and boot into safe mode. The system blue screens part way into any attempt to load windows in any variety (safe mode, normal, etc) The only functional form of windows is the recovery console from the original windows disk, but that does not let me access the needed directories to delete the problem (access denied). Does this virus affect the boot record too? How do I fix this to enter safe mode at least?

  • George J

    I just removed ‘system tool’ not ‘system tool 2011’ following the vid you used previously (picked up the virus on the 21st of Feb.) I also had no desktop icon, and searching ‘system tool’ was no good. I managed to find the damn file by clicking the balloon that pops up, THEN a padlock icon came up on my taskbar. Right clicked it, hit properties, & found the file name. Guess they stopped putting in the words system tool to make it harder to find. Jerks. My file name had no intelligible words at all, it was “c:\ProgramData\bEmPdCp01805”. Yours’ll be different obviously, but that’s what mine was called. It also helped me a lot that I knew roughly WHEN it infected me, so I could sort by date & time to help narrow down the likely culprits. Hope this helps, good luck! (P.S. my OS is Windows 7)

  • Anonymous

    I was probably using my work laptop too much to book vacation trips, etc. Then this virus took over and I almost had a panic attack. Thank you for your free and easy advice. While I did not have the icon on my desktop, I found the virus using the hidden file method. Once I renamed it and rebooted, it was gone. Now I’m running the virus detector that was installed by my employer. I’m so grateful I didn’t have to tell my IT guy!

  • Anonymous

    I am not very computer savvy, but I have found your video easy to follow.
    That said…we have Windows XP, so I have watched both videos and the second one helped me to get all the way into the point where I could see my hidden icons. I realize that you said that not everyone would have a blue shield icon like you showed, but that they would have an unusually named file. I can’t see either on my computer. The ones that I thought looked the most unusual to me were also on your screen, so they must be part of a normal computer system. There weren’t any that ended in .exe at all. I cannot open in ‘safe mode with networking’ and I don’t have a ‘System Tool’ icon on my desktop. I’ve also gone into ‘start’ and ‘run’ and tried the ‘misconfig’ command, but it doesn’t work.
    I hate to bother you, but do you have any other suggestions? Please let me know if you need any other information from my end.
    Many thanks.

  • Nick

    Hello,
    You’re a modern hero helping all these people. You seem to know what you’re talking about. :)

    I’ve tried everything on your videos and none of it really applies to me as I can’t find anything you describe. There is no desktop icon. I entered system tool in search and it found nothing, I even entered .exe and found nothing strange in there. I can’t load task manager and can’t load regedit. I loaded these both in safe mode and found no trace of the virus and no numbered file names and nothing ending in .exe.

    I am using windows vista.

    Also on users on C drive it simply gives me documents, I can’t find AppData.

    Anything else i should try???

    Is it possible the longer you have this virus the worse it gets, my computer has started re-starting itself of its own accord.

    weirdly it only affects one user on the computer and the other users work fine.

    thank you very much

    nick

  • Jacob

    Also should mention some good user tips can be found in the comment section.

    “A tip for checking that the file is the right one is to right click on it and see the installation date. if it’s an old file it won’t be the bad one.”

  • Jacob

    I have .exe showing simply because I have my computer settings to show the extension of file names. You can do the same if you like in the same section shown about showing hidden files and folders.

    It sounds like you have not looked at the start-up menu yet. Go to Start and in the Run/Search box type MSCONFIG . Now once the dialog box opens select the Start-Up tab and look through there for a similar file trace. Uncheck the box for the file and re-boot the computer. If System Tool no longer runs then you found the correct file trace.

    Please also post back the directory path you are looking in as it’s shown in the guide. Most people seem to get the correct paths confused and don’t actually look in the right path.

    My only other suggestion, as you can not boot into safe mode, would be to hire out a pro. It sucks but sometimes you just need an expert. As stated I recommend http://www.onlinecomputerrepair.org . They are based in the United States and do a good job.

  • Rup

    Your guide was great. Even though my XP is a bit old, I was able to reveal the hidden folders and found the folder with the odd name in all users/local settings/application data.
    A tip for checking that the file is the right one is to right click on it and see the installation date. if it’s an old file it won’t be the bad one.
    Thanks a million,

  • Anonymous

    steps to remove virus are clear and concise
    it did the job…
    spyware with antivirus located more items my other antivirus didn’t..
    great job.

  • Murray

    Hi – watched the XP video and the longer one, have searched by “System Tool” into search and can’t find it. I also looked where it told me in the video (C:\Documents and Settings\User 1\Local Settings\Application Data) and there is no such file there, just a file which has a really long file name and listed as Configuration Settings called DCBA2A71-70D8-4DAN-EHR8-E0D61DEA3FDF. I really don’t think this is the file. I’ve also looked in C:\Documents and Settings\User1\Application Data and C:\Documents and Settings\All Users\Application Data and pretty much trawled all through my C Drive but can’t find anything that looks remotely likely. Any further suggestions you can make would be greatly appreciated.

  • Anonymous

    Thank you, this simple guide helped me fix a computer with
    System Tool running on it.
    The PC was using Win XP,
    I found the EXE in
    C:\Documents and Settings\All Users\Application Data\[random]\[random].exe

    Thanks again.

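The location pattern reported in the comments above (a randomly named folder under Application Data or ProgramData holding an .exe of the same name, with a recent date), as an added example that is not part of any comment or of the guide. The name pattern is an assumption drawn from the names commenters posted, and `find_candidates`, `default_roots` and the sample tree are constructed for illustration; the script only lists candidates, newest first, and changes nothing.

```python
import os
import re
import tempfile
import time

# Heuristic (assumption): the names posted in the comments are 5-7 mixed-case
# letters followed by 5 digits, e.g. nPiNb05700, hNaIjBo06504, bEmPdCp01805.
RANDOM_NAME = re.compile(r"^[A-Za-z]{4,8}\d{5}$")


def default_roots():
    """Application-data folders mentioned in the comments, read from the environment."""
    env = os.environ
    roots = []
    if env.get("ALLUSERSPROFILE"):
        roots.append(env["ALLUSERSPROFILE"])  # ProgramData on Vista/7
        roots.append(os.path.join(env["ALLUSERSPROFILE"], "Application Data"))  # XP
    for var in ("APPDATA", "LOCALAPPDATA"):
        if env.get(var):
            roots.append(env[var])
    if env.get("USERPROFILE"):  # XP per-user local settings
        roots.append(os.path.join(env["USERPROFILE"], "Local Settings", "Application Data"))
    return roots


def find_candidates(roots):
    """Return [(exe_path, mtime)] for <root>/<random>/<random>.exe, newest first."""
    hits = {}
    for root in roots:
        try:
            folders = [e for e in os.scandir(root) if e.is_dir(follow_symlinks=False)]
        except OSError:
            continue  # missing root, or a junction we are not allowed to list
        for folder in folders:
            if not RANDOM_NAME.match(folder.name):
                continue
            try:
                names = os.listdir(folder.path)
            except OSError:
                continue
            for name in names:
                stem, ext = os.path.splitext(name)
                # The executable carries the same name as its folder.
                if ext.lower() == ".exe" and stem.lower() == folder.name.lower():
                    path = os.path.join(folder.path, name)
                    hits[os.path.normcase(path)] = (path, os.path.getmtime(path))
    return sorted(hits.values(), key=lambda h: h[1], reverse=True)


def build_sample_tree(base):
    """Create a small constructed directory tree for the demo; returns its root."""
    root = os.path.join(base, "Application Data")
    layout = {
        ("nPiNb05700", "nPiNb05700.exe"): 1300000000,      # flagged, newer
        ("pLjEoFj08503", "pLjEoFj08503.exe"): 1290000000,  # flagged, older
        ("Microsoft", "setup.exe"): 1200000000,            # ordinary folder name
        ("aBcDe12345", "readme.txt"): 1300000000,          # odd name, no matching exe
    }
    for (folder, name), mtime in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        path = os.path.join(root, folder, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample, not a real binary")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    # Demo on the constructed tree; on a real machine pass default_roots() instead.
    with tempfile.TemporaryDirectory() as base:
        for path, mtime in find_candidates([build_sample_tree(base)]):
            print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
```

A listed file is only a candidate: compare its date with when the pop-ups started before renaming anything.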
  • Anonymous

    Hello Jacob, my computer was infected with system tool 2011 today. I found this website and tried to locate where the executable file is, and I even tried to use the spydoctor trying to find it. But the spydoctor does not find it. What shall I do? Thanks

  • Jacob

    Thanks Murray for including your operating system and where you have already looked.

    You may want to see if you can boot into safe mode with networking and install Spyware Doctor with Antivirus and run a scan to see where the file is so you can manually delete it.

    Another idea would be to boot into safe mode and see if you can do a system restore.

    Yet another idea would be to boot into safe mode and then hit the windows start button. In the run box type MSCONFIG . Now select the startup tab. Look through all the startup files and see if there are any funky looking file traces like we show in the examples. The full file path will be shown as well as the file name. Un-check the box and re-boot. If the System Tool 2011 is no longer running I would say that is the correct file and you should be now able to run your antivirus client to delete everything else.

  • Howard

    Thank you, thank you, thank you!!! Followed your great directions (video) and eliminated this scam program. Had a little trouble finding, but finally located in my All Users folder. FYI, name on mine was pPbkjIl01803.exe. Thanks again. Will now get Spyware Dr. w/A-V.

  • Dan

    Hi there,
    I’ve read the first 10-11 comments or so, so forgive me if I’m repeating a question. I have the system tools virus on my windows xp comp (note it just calls itself system tools, not system tools 2011). I’ve attempted to follow all the steps in your video, however I can find no trace of system tools on my computer, although the window pops up. There is no trace of it under my computer, no trace of it asking the computer to search for it and no trace of it under my start menu. It also won’t allow me into task manager and won’t let me fire up my actual antivirus program.
    Any tips?!
    thanks in advance
    Dan

  • Jacob

    Hello Nick,

    You seem to have missed a step in the guide. You need to SHOW HIDDEN FILES AND FOLDERS in order to see the AppData folder. Do that and you will be able to follow the path provided in the guide to hopefully find the trace.

    Also as instructed in the guide, if you are able to boot into safe mode with networking you can download the Spyware Doctor with Antivirus client from this website and run a scan. It will show you EXACTLY where the trace file is. From there you can manually delete the file.

  • Jacob

    Was it Spyware Doctor or Spyware Doctor with Antivirus? Also did you ensure you have updated the client and that a FULL scan and not the mini scan was done?

    Please answer the above and I should be able to help you out further. In 90+% of all cases people can not run any antivirus client while Security Tool 2011 is running. I am going to assume that Security Tool 2011 is not running. It may be that the SDA client already removed the threat and you did not realize it. If you can boot normally and everything seems OK but you are unsure whether you are still infected or not, I would suggest you also run a scan with Malwarebytes to ensure you are clean.

  • Jacob

    Hi Dan,

    Yeah, that question was asked many times over. Please go through ALL the comments. I know it’s a pain but tons of good info is in there and the answer should be in there for you as well.

  • jo

    Hi there. Firstly, thank you for helping with your YouTube video!
    I did have a couple of things different from your video and they were:
    No icon on the desktop or in the folder as you explained,
    So I clicked Start, typed C:\ProgramData into the search bar and hit Enter, then clicked on date modified/created and it came up in there (nLkDgLf06300).
    My computer is Vista so I hope this might help anyone else who encounters similar problems!
    Thank you again and keep up the good work, fingers crossed I won’t be needing any more help, but if I do I know where I’ll be heading!
    Cheers

  • Jacob

    Good stuff. Solid info here for you guys. Thanks for taking the time to post back and help out others. Be sure to run that FULL ANTIVIRUS scan in the end. Chances are you have several threats on your computer. Only by running a scan can you determine if you are virus free.

  • Roger

    Thanks for the YouTube video. Instructions worked perfectly. This is the first time I’d ever been infected with spyware/virus that hijacked my computer. Pretty scary.
    Regards
    Roger

  • Anonymous

    Hi,
    Before I go any further I can assure you we have completed every way of trying to sort this issue out on our laptop. We were well and truly infected by this virus and had to spend a long time initially to try and find it. It seems they have created newer versions that actually do not respond in the same way to your instructions. For example the file was not created on the same day it infected our computer, indicating they have devised a way of embedding in the files with a delayed infection. Also having downloaded Malwarebytes in safe mode it did not find the infected file in the first scan. This thing looks like it is evading them as well. It was on our 3rd full scan that it found a rogue file, which we of course got rid of. We ran another scan with different software which found another rogue file, different again. We have restored to a safe date also and have trawled through our hard drive to find anything suspicious. Having done all of this the computer is still being affected and I am not convinced it has truly gone. For example our full version of McAfee among various other firewalls and anti virus software will not run the firewall or scan so our computer is still compromised. It has also changed permissions to make changes to and delete files as we felt we should go through and delete any unnecessary and out of date files to ensure our hard drive is as clean as possible. It has also changed the modification dates of files we know have been changed before or since. This obviously makes it hard to find the infected files. More importantly it has completely disabled our internet, initially the wireless and now seems to have disabled any connection through the cable as well. Unfortunately it seems to be getting worse and the computer is slowing down on simple processes such as bringing up a file list. Obviously with disabled antivirus software we cannot really access the internet anyway as we would be open to a hell of a lot more!
    We have recently set up a new router on our network and unfortunately every time we restart or turn on the computer the settings are changed.
    What I really want is someone to tell me it isn’t irreparable. Also I wanted to let others out there know that they are changing the way they work so the information on forums also needs to change.
    Please, Please help with any ideas.
    Thanks,
    A very frustrated person!

  • Alan, Shropshire U.K

    Hi Jacob,
    Just like to thank you for your top tutorial.
    I have just removed System Tool 2011 from my girlfriend’s computer running XP.
    I filmed your video straight from the screen and watched it back step by step as I did it. The rogue exe file was in two user application data folders but without the icon. Again many thanks.
    Alan

  • Anonymous

    Thanks for the video. The version of this virus that I received however did not have any of the nomenclature that you described. I was able to find it by looking for the only folder that was created and modified on the exact same day that I received the virus. (It also did help that once I looked at the properties of the executable file in the folder, Russian characters did appear.) I thought this additional confirmation is something that you might mention in your next video if there is one. If you mentioned this and I missed it, please disregard.

    Thanks again.

  • SeanG

    Jacob,
    Thanks for the reply. Sorry I took so long to get back to you, I have had to purchase a new computer and set everything back up so I can Email.

    In answer to your question I actually used the guide found on this website. It seemed to work perfectly and then hung on the restart. After getting on a friend’s computer I went back to the site to see the comments and I noticed that people were commenting on running the tool in safe mode. I did not do that, I was so worried about this virus screwing up my computer that I hurried thru the instructions and tried to get rid of it ASAP……. which screwed it up anyway.

    My goal now is to get this thing to boot up so I can get all my data from the hard drive transferred to my new computer. I will then format the hard drive and reinstall the O/S and hopefully have a usable computer that I can give to my daughter.

  • Bill

    Thank you so much! Everyone else wanted $89 and up, and I had no guarantees that they would actually help. Thanks to you, I did it myself, easily and free! I will recommend your site and videos to all of my friends and family!

  • david roberts

    I’ve removed System Tool but want to know how to stop it infecting my computer again. I already installed Malwarebytes Anti-Malware and Avast antivirus, is this sufficient to stop it?

  • Jacob

    If they are free versions of the software then NO it is not enough protection. If one of them is a paid version you should be good as long as you practice normal safe web surfing and don’t run files from sources you do not trust.

    I myself use the same software we recommend on this site. Spyware Doctor with Antivirus.

  • Jacob

    What you are experiencing is not due to System Tool but rather a slew of other viruses. System Tool is for the most part a very dumb threat. It does block executables and the like but in most cases those who are infected with this are also infected with several other threats.

    In your case you have a trojan on your computer. It went out one day and installed the System Tool threat (you could have been infected for weeks and not have known). It sounds like it’s this trojan that you need to remove.

    Your computer is most likely easy to fix for a pro. For a novice or even intermediate user you will have a challenge.

    What I would do in your situation

    1. You already used the System Restore. Use it again and go back further.

    2. Uninstall all security clients. Then re-install just ONE, fully update it and run a full scan.

    3. If things are looking like they are back to normal go ahead and install either Malwarebytes or my recommendation of Spyware Doctor with Antivirus and run a full scan.

    For your internet issue: Ensure you do not have a proxy setting on. Check the HOW to Guides section above on this.

  • Glen

    Hey guys

    Just wanted to thank you for the easy instructions on removing System Tool.

    You guys are legends!

    Glen, Sydney, Australia.

  • SamMortimer

    I have just found this video on a friend’s laptop I’m using to try to work out how I can get Security Tool off of my own PC and before I go and do the process myself I wanted to check a couple of things.
    Firstly when the virus first downloaded I checked to try and find the program on my computer but could not in the same way that you did. There is no shortcut and it’s not in my uninstall/change programs list, what do I do?
    The second question I have is if the free Avast I have on my computer will be sufficient for the scan to run after deleting the file, if not will the free scan at the top of this page be enough?
    I really can’t afford expert help or a paid virus scan so your website has been a real gift and pre-emptively thank you.

  • Maria

    I found the .exe file, located in ‘all users’… I renamed it, although was unsure if it would work as the icon did not change as it does in the video. Rebooted comp and was able to delete it. I am now running the antivirus. Thank you so much!!!

  • Jacob

    Q. There is no shortcut and it’s not in my uninstall/change programs list, what do I do?
    A. It won’t be listed there. Viruses do not normally list themselves in such places. Follow the guide and try those paths shown. We list the paths for you to look in above in the manual guide. Please read the guide as well as the comments.

    Q. The second question I have is if the free Avast I have on my computer will be sufficient for the scan to run after deleting the file, if not will the free scan at the top of this page be enough?
    A. Now I know you did not read through the comments as this was already asked and answered. NO FREE CLIENT out there is good enough to protect a computer. Almost all free clients offer NO upfront protection. That means they do not block viruses. They only catch them after they have infected your computer and by then it’s often too late. Those free clients out there that do have up front protection are just stripped down versions of the paid client. It will not have the latest definitions and will also be lacking in up front protection and overall security features.

    As for the free scan: NO, IT is not enough. Read the top right of the site for a more detailed answer on this.

  • phil

    I just wanted to say thank you for the helpful video, my sister has had this virus for a couple of weeks and I have been trying to get rid of it. I appreciate the work and effort you put into these helpful guides and I will be recommending you to people I know.
    thanks again

    phil

  • Joel

    Thanks for your ongoing support. I got last year’s version of this and viewed your video but couldn’t remember how to remove it when I got it again. Thanks for sticking around to help those of us who are less adept!

  • Sung

    Hello! My sister’s computer got the system tool virus so I followed your video to delete but I accidentally just deleted the file before changing the program name and then rebooting then deleting it… so now I’m trying to download antivirus program but computer’s not letting me download anything right now… can you please help me? Thank you! Also, your video was great!

  • Sparky

    I find it really odd that these blog sites are so full of positive comments about the anti-malware “saving” computers. Anyone here wonder where SystemTool type malware originates? Maybe it’s from the guys who are so happy to “fix” it for you for free! Hey, what a swell bunch of guys! Wake up and smell the coughee…

  • Anonymous

    Thanks a lot for your instructions! I was able to get rid of this very quickly but I would like to add a few points to it because it seems the virus now has a newer version and doesn’t let you run some steps shown in the video, e.g. it doesn’t let you run Task Manager to kill the executable, it doesn’t let you run Control Panel to unhide the hidden folders and it doesn’t let you run the Command window to get to any msconfig in order to find the virus in the startup. Following are some simple steps that would save you from all the hassle:

    1. Do not try to fix the virus in the normal mode; your first step should be to restart and go into Safe Mode by pressing F8. This will keep the virus from activating and you will be able to follow the removal steps without any problems.

    2. Once you are in the Safe Mode go to Control Panel –> Folder options and select show hidden folders/files as shown in instructions in the video.

    3. Then go to Start –> Computer then go to c:\ProgramData and look for the folder with a weird name. Note down the folder name, Delete the folder and Empty Recycle Bin.

    4. Now go to Start –> All Programs –> Accessories –> Run. Type RegEdit. This will open the Registry Editor. Go to HKEY_CURRENT_USER –> Software –> Microsoft –> Windows –> CurrentVersion –> RunOnce “[folder name you noted down]” and delete this key.

    5. Restart your computer in normal mode and run AntiVirus software to make sure there is nothing else on the system if you like.

  • Jacob

    Hello Sparky,

    Your ignorance of the spyware and virus field is most likely the root cause of your infection. You are lucky there are sites out there like this that help people remove viruses and spyware. I donate hundreds of hours of my time every year making videos educating people on how to remove threats and protect themselves. Your comments don’t deter me from helping people as for every comment like yours I get a good 70+ comments thanking me for helping them. Take your conspiracy theories elsewhere. I don’t have the time to respond to ignorant comments like yours all day.

  • Anonymous

    I guess a newer version came out. It does not let the computer start in safe mode. In normal mode I can’t run cmd or regedit either, and it does not allow installing any software. Does anyone have a workaround for this?

  • Jacob

    The above guide was created as a generic guide and STILL WORKS. We do not normally instruct people to boot into safe mode as most threats do often times block this option. We recommend you follow the paths shown in the guide and simply re-name the virus threat, then re-boot.

  • Chris

    One word: ‘Thanks’.

    Alright, maybe a few more… Thank you, Jacob – the instructions and video were clear and enabled me to remove the threat with ease. Your (virtual) help is much appreciated.

  • Jacob

    Thanks for your comment Budi. As stated in the guide you now need to run a full virus scan to see if you have anything else. There is definitely a registry trace left but if the main executable is gone it does not really matter. With this said, almost everyone infected with System Tool 2011 will also have a trojan or two installed on their computer. You need to now run a full virus scan to ensure no other infections are present.

  • Budi

    I did run a full scan using the free version of Antivir and the full scan does not show that my computer is infected. I also ran a full scan using Malwarebytes Antimalware and it does not show anything as well. Hopefully there is no more virus in my computer!

    btw, thank you very much for the fast reply Jacob, really appreciate it !!

  • Budi

    Thank you!! You helped me save my life. Now I think the virus is already gone.

    I have one question though, not sure if it’s been asked (sorry if it’s been asked before)… I’m using Windows 7 and I have checked my registry from regedit, but I cannot find any random number in any of the suggested registry directories. Does that mean the virus is gone?

    System Tool is also not showing any shortcut on the desktop after I reboot (before I rebooted, the wallpaper was the same one as the one that you showed and other symptoms were also present)… and I checked the directories in APPDATA and PROGRAMDATA and there is no sign of random files or folders there (I removed the hide hidden files or folders setting). Does this mean that the virus is gone?

  • TomL

    Good advice.

    I am running XP Pro SP 3. I had to go to safe mode as I was blocked from all applications including Task Manager. I did not get an icon on the desktop. The executable appeared as C:\Documents and Settings\All Users\Application Data\oAkOaMp05603\oAkOaMp05603.exe whilst the registry info was in My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.

    I sorted the directory by date to narrow my search for the likely folder.

    Thanks Tom

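
The manual checks several commenters describe above (a randomly named folder under ProgramData or All Users\Application Data holding an .exe of the same name, plus a matching RunOnce value) can be written as a read-only triage script. This is an added example, not part of any comment or of the site's guide; the function names, the name pattern (inferred only from the two folder names quoted in the comments) and the sample tree and RunOnce values are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Shape of the two folder names quoted in the comments (nLkDgLf06300,
# oAkOaMp05603): a run of letters, then a run of digits. Heuristic only.
RANDOM_NAME = re.compile(r"^[A-Za-z]{5,10}\d{4,6}$")
RUNONCE = r"Software\Microsoft\Windows\CurrentVersion\RunOnce"


def find_suspect_folders(root):
    """List suspect subfolders of root, highest score first, then newest."""
    # Score: 1 for the letters+digits name shape, +2 when the folder holds
    # an .exe named after the folder itself. Nothing on disk is modified.
    suspects = []
    for entry in os.scandir(root):
        if not entry.is_dir(follow_symlinks=False):
            continue
        score = 1 if RANDOM_NAME.match(entry.name) else 0
        try:
            files = os.listdir(entry.path)
        except OSError:
            files = []  # unreadable folder: judge it by name alone
        if (entry.name + ".exe").lower() in (f.lower() for f in files):
            score += 2
        if score:
            suspects.append({"name": entry.name, "path": entry.path,
                             "score": score, "mtime": entry.stat().st_mtime})
    suspects.sort(key=lambda s: (s["score"], s["mtime"]), reverse=True)
    return suspects


def match_runonce(run_entries, suspects):
    """Return RunOnce value names named after, or launching from, a suspect folder."""
    hits = []
    for value_name, command in run_entries.items():
        for s in suspects:
            needle = s["name"].lower()
            if needle == value_name.lower() or needle in command.lower():
                hits.append(value_name)
                break
    return hits


def read_runonce_live():
    """Read the current user's RunOnce values on Windows; {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    entries = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNONCE) as key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                entries[name] = str(value)
                index += 1
    except OSError:
        pass  # key absent or unreadable
    return entries


def demo():
    """Run both checks against a constructed folder tree and RunOnce listing."""
    tree = {
        "oAkOaMp05603": ["oAkOaMp05603.exe"],  # folder name quoted on the page
        "Microsoft": ["settings.dat"],          # constructed benign folder
        "Adobe": ["updater.exe"],               # constructed benign folder
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, files in tree.items():
            os.mkdir(os.path.join(root, folder))
            for name in files:
                open(os.path.join(root, folder, name), "w").close()
        suspects = find_suspect_folders(root)
        run_entries = {  # constructed RunOnce values
            "oAkOaMp05603": os.path.join(root, "oAkOaMp05603", "oAkOaMp05603.exe"),
            "Updater": r"C:\Program Files\Vendor\update.exe /silent",
        }
        return [s["name"] for s in suspects], match_runonce(run_entries, suspects)


if __name__ == "__main__":
    print(demo())
```

On a live Windows machine, point `find_suspect_folders` at the data folder in question and pass `read_runonce_live()` to `match_runonce`; as other commenters note, variants that do not follow this naming will need the sort-by-date approach instead.
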
  • Anonymous

    I activated the code on it when it comes up asking if you have a license key. Put in: WNDS-S0DF5-GS5E0-FG14S-2DF8G (the 0’s are numbers not letters). Then it all removed the so called trojans, worms etc. After that I restored my computer to the last week.

  • Anonymous

    Wow! That was almost TOO easy. I feel like I cheated by not spending hours trying to remove the virus. Thanks. The video was the clincher for me that made it a breeze.

  • Crash_Murtin

    Thanks Jacob.
    I’m not that confident with this sort of stuff, and a lot of the online advice seems pretty complicated. But once I read your guide and watched the video I was able to get it sorted out in no time.
    Thanks again.

  • Stephen

    Guys,

    Thanks so much for your step-by-step instructions for Windows XP, as everything worked perfectly. On behalf of my daughter’s laptop, a sincere thanks.

  • Nancy

    I had the system tools 2011 pop up on my computer this morning. I tried running my antivirus with not much luck before the computer froze up. I restarted it in safe mode and restored it to a previous backup date and then I restarted in regular mode. I ran my antivirus and it didn’t catch anything AND system tools hasn’t tried running. I don’t have an icon on my desktop for it. I watched the videos and tried everything to find it to make sure it was gone. However, I can’t find the weird name file and nothing points to it. Did restoring to the previous date clear the virus? I wouldn’t think that it did but not 100% sure.

  • Anonymous

    When people ask you questions you really should not reply read through the some 200 replies and look for yourself. If you have the time to write a comment just reference which comment to look at. And also please do not be a jerk and write what do you NOT understand from the video. Sounds like you’re in third grade teasing children who do not understand math very well. Besides, when someone tells you that they went through the steps but the trace wasn’t there you shouldn’t tell them to follow the steps again. Your ignorance is that there are new versions of the virus out there. Mine, for instance, did not follow any of those rules. The file was in the program data but it was not named the same way and the icon was completely different than the system tool icon on the toolbar. If I had only followed your advice I would have spent hours watching your video and reading through mundane useless comments to never find my answer. Your site did help a lot and I really appreciate it but don’t act like just because we have to ask you a question we did something wrong in the process.

  • Jacob

    I suggest you start your own virus removal website and donate 100’s of hours of your time for free if you do not like what I am doing.

  • Jacob

    The answer depends on many different things. The only way to be sure you are no longer infected is to run a full virus scan. What is your antivirus client? If it’s a free version you should download a trial of a paid client and run a virus scan with that. Paid clients have more up to date definitions and offer better scanning.

  • Jacob

    Awesome to hear. Thanks for the kind words.

  • Anonymous

    I had this virus come on my computer but could not find a way to get it off. So I went ahead and purchased the one year subscription. Is there a way I can get that back?

  • Jacob

    http://www.removevirus.org/paid-for-a-fake-security-client.html

  • James

    Hey:

    Thanks a bunch for your insight on this virus. It really helped me. I did want you to know that on my version of XP with an HP, the file was not able to be located on task manager due to lock out, Control Panel was locked out, and it was not contained in my user. So I ran a search in all users in the past week and found a folder that was suspect. It was contained in All Users app data. I looked inside and saw two files, an EXE with all numbers and a DAT log. Renamed both, rebooted and gone. I could never see the file path nor the name “system tool” on any location in the computer except in the Windows accessories folder. (Figured I would not rename it–))

    Therefore on my system it actually created a folder within the folder and then a second sub folder… I would have never found it without the idea of running a search in users and then searching changes or files created in the past week without looking for files in the app data. Thanks, your information about where it typically is (sorry I did not save screen shots) was perfect.

    This may be the difference in some of our systems and the difficulty of finding.

    James

  • Jacob

    System Tool 2011 does not save user information like what you are mentioning. That does not mean you are not infected with some keylogger program that is passing on this information. You need to run a full virus scan to ensure you are clean.

  • Anonymous

    I followed your guide and so far so good!

    Although when I was looking at some other guides there was stuff about re-installing Windows HOST files or something?

    Do I have to do this if I’ve followed your guide or don’t you have to do it anyway?

    Thanks :)

  • Anonymous

    THANK YOU, THANK YOU, THANK YOU.

  • Jacob

    Run a full virus scan and find out. Chances are the System Tool 2011 threat is gone but you may have other viruses / trojans installed. Only an antivirus client can tell you if you’re infected or not.

  • Anonymous

    Hi, before I read this I deleted the account the virus was on because it seemed like that was the only account affected and it wasn’t a main account for me. Is the virus still in my computer?

  • Jacob

    It does no harm to generate a new HOSTS file.

    See our guide on what the HOSTS file is and what it does. http://www.removevirus.org/how-reset-hosts-file-xp-vista-windows-7

  • doug mccracken

    Hi. I know I have that virus. My screen is held hostage by that warning thing you show on your video. However, I don’t have the icon. So, I went to startup and only found 2 shortcuts to system tools 2011 that didn’t have any kind of program file name. I couldn’t find the file on control panel either… I went to the site you recommended and it appears they charge 89.99 to help me….. Can you help me find and delete that file?
    DOUG

  • Gavin jaap

    I have stopped this scam from ripping me off but I used a registration code to accept it and it’s stopped annoying me but I’m not sure if my computer’s in any good shape for me to put